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(54) Flexible method of user authentication 

(57) A method of authorising a user in communica- 
tion with a workstation is disclosed. According to the 
method, a system automatically determines a plurality 
of available user information entry devices in communi- 
cation with the workstation. The system then determines 
predetermined user authorisation methods each requir- 
ing data only from available user information entry de- 
vices. The user then selects one of the determined au- 
thorisation methods for use in user authorisation. Op* 
tionally, each authorisation method is associated with a 
security level relating to user access to resources. Once 
the authorisation method is selected, the user provides 
user authorisation information in accordance with a de- 
termined user authorisation method and registration 
proceeds. 
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Description 

Field of the Invention 

5 [0001) This Invention relates generally to authorisation of individuals and more particularly relates to a method of 
authorising individuals based on an available authorisation method. 



Background of the Invention 



*6 [0002] Computer security is fast becoming an Important Issue. With the proliferation of computers and computer 
networks into all aspects of business and daily life - financial, medical, education, government, and communications - 
the concern over secure file access is growing. Using passwords Is a common method of providing security. Password 
protection and/or combination type locks are employed for computer network security, automatic teller machines, tel- 
ephone banking, calling cards, telephone answering services, houses, and safes. These systems generally require 

i$ the knowledge of an entry code that has been selected by a user or has been preset. 

[0003J Preset codes are often forgotten, as users have no reliable method of remembering them. Writing down the 
codes and storing them in close proximity to an access control device (I.e. the combination lock) results In a secure 
access control system with a very Insecure code. Alternatively, the nuisance of trying several code variations renders 
the access control system more of a problem than a solution. 

£9 [0004] Password systems are known to suffer from other disadvantages. Usually, passwords are specified by a user. 
Most users, being unsophisticated users of security systems, choose passwords that are relatively insecure. As such, 
many systems protected by passwords are easily accessed through a simple trial and error process. 
[0005] A security access system that provides substantially secure access and does not require a password or access 
code is a biometric identification system. A biometric identification system accepts unique biometric information from 

& a user and identifies the user by matching the Information against information belonging to registered users of the 
system. One such biometric identification system is a fingerprint recognition system. 

[0006] In a fingerprint input transducer or sensor, the finger under investigation is usually pressed against a flat 
surface, such as a side of a glass plate; the ridge and valley pattern of the finger tip is sensed by a sensing means 
such as an interrogating light beam. 

30 [0007] Various optical devices are known which employ prisms upon which a finger whose print is to be identified is 
placed. The prism has a first surface upon which a finger is placed, a second surface disposed at an acute angle to 
the first surface through which the fingerprint is viewed and a third illumination surface through which light is directed 
into the prism. In some cases, the illumination surface is at an acute angle to the first surface, as seen for example, in 
US Patents 5,187,482 and 5,187,748. In other cases, the illumination surface is parallel to the first surface, as seen 

35 for example, in US Patents 5,109,427 and 5,233,404. Fingerprint identification devices of this nature are generally 
used to control the building-access or information-access of individuals to buildings, rooms, and devices such as com- 
puter terminals. 

[0008] United States patent number 4,353,056 in the name of Tsikos issued October 5, 1 982, discloses an alternative 
kind of fingerprint sensor that uses a capacitive sensing approach. The described sensor has a two dimensional, row 

*i> and column, array of capacitors, each comprising a pair of spaced electrodes, carried In a sensing member and covered 
by an insulating film. The sensors rely upon deformation to the sensing member caused by a finger being placed 
thereon so as to vary locally the spacing between capacitor electrodes, according to the ridgeArough pattern of the 
fingerprint, and hence, the capacitance of the capacitors, in one arrangement, the capacitors of each column are 
connected in series with the columns of capacitors connected in parallel and a voltage is applied across the columns. 

■4* In another arrangement, a voltage is applied to each individual capacitor In the array. Sensing in the respective two 
arrangements is accomplished by detecting the change of voltage distribution in the series connected capacitors or 
by measuring the voltage values of the individual capacitances resulting from local deformation. To achieve this, an 
individual connection is required from the detection circuit to each capacitor. 

[0009] Before the advent of computers and imaging devices, research was conducted into fingerprint characterisation 
&> and identification. Today, much of the research focus in biometrics has been directed toward improving the input trans- 
ducer and the quality of the biometric input data. Fingerprint characterisation is well known and can Involve many 
aspects of fingerprint analysis. The analysis of fingerprints is discussed in the following references, which are hereby 
incorporated by reference: 

55 Xiao Qinghan and Bian Zhaoqi,: An approach to Fingerprint Identification By Using the Attributes of Feature Lines 
of Fingerprint," IEEE Pattern Recognition, pp 663, 1 986; 

C.B. Shelman, " Fingerprint Classification - Theory and Application," Proc. 76 Camahan Conference on Electronic 
Crime Countermeasures, 1976; 
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Feri Pernus, Stanko Kovacic, and Ludvlk Gyergyek, "Minutaie Based Fingerprint Registration," IEEE Pattern Rec- 
ognition, pp 1380, 1980; 

J A Ratkovic, F.W. Blackwell, and H.H. Bailey, "Concepts for a Next Generation Automated Fingerprint System," 
Proc. 78 Carnahan Conference on Electronic Crime Countermeasures, 1978; 
$ K. MNIard, " An approach to the Automatic Retrieval of Latent Fingerprints," Proc. 75 Carnahan Conference on 

Electronic Crime Countermeasures, 1 975; 

Moayer and K.S. Fu, "A Syntactic Approach to Fingerprint Pattern Recognition," Memo Np. 73-18, Purdue Uni- 
versity, School of Electrical Engineering, 1973; 

Wegstein, An Automated Fingerprint identification System, NBS special publication, U.S. Department of Com- 
tp merce/National Bureau of Standards, ISSN 0083-1 883; no. 500-89, 1 982; 

Moenssens, Andre A., Fingerprint Techniques, Chilton BookCo., 1971; and, 

Wegstein and J.F. Rafferty, The LX39 Latent Fingerprint Matcher, NBS special publication, U.S. Department of 
Commerce/National Bureau of Standards; no. 500-36, 1978. 

[0010] Though biometric authentication is a secure means of identifying a user, it has not penetrated the marketplace 
sufficiently to be on most desktops. Further, since most forms of biometric authentication require specialised hardware, 
market penetration is slow and requires both acceptance of the new hardware and a pressing need. 
[001 1 ] Typical uses of user authentication include system access, user identification, and access to a secure key 
database. Often a secure key database is encrypted with a key that is accessible through user authentication or Iden- 
2° tification. 

[0012] Key management systems are well known. One such system, by Entrust® Technologies Limited is currently 
commercially available. Unfortunately, current key management systems are designed for installation on a single com- 
puter for use with a single fixed user authorisation method and for portability between computers having a same con- 
figuration. As such, implementation of enhanced security through installation of biometric input devices is costly and 
& greatly limits portability of key databases. Password based protection of key databases is undesirable because of the 
inherent insecure nature of most user selected passwords. 

[0013] For example, when using Entrust® software to protect a key database, the database is portable on a smart 
card or on a floppy disk. The portable key database Is a duplicate of the existing key database. User authentication 
for the portable key database is identical to that of the original key database. The implications of this are insignificant 

30 when password user authentication is employed; however, when biometric user authentication such as retinal scanning 
or fingerprint identification are used, the appropriate biometric identification system Is required at each location wherein 
the portable key database is used. Unfortunately, this is often not the case. In order to avoid this problem, organisations 
employ password access throughout and thereby reduce overall security to facilitate portability. 
[0014] Alternatively, members of an organisation are not permitted to travel with portable key databases and thereby 

as have reduced mobility and are capable of performing fewer tasks while outside the office. This effectively counters 
many of the benefits available in the information age. 

[001 5] In the past, a system was provided with a single available security system. Typically, prior art systems require 
a password. Alternatively, a system could require a password and a biometric, or another predetermined combination 
of user authorisation information. Unfortunately, passwords are inherently insecure. Further, because of the limited 

*0 number of workstations equipped with biometric scanners and so forth, it is difficult to implement a system secured 
with biometrics. It would be advantageous to provide a method of user authorisation that is flexible enough to work on 
different workstations and to accommodate user needs of different users and at different workstations. 
[0016] Another known system includes a key server. A key server is a single system that provides keys to individuals 
upon identification or authorisation. Such a system is useful in large organisations since it permits changing of system 

# access codes without requiring every user to provide their personal key data storage device. Because of the extreme 
problems associated with losing secure keys, it is essential that a key server be backed up appropriately. Further, it is 
necessary that the server be available at all times. This is achieved through duplication of servers. Unfortunately, key 
servers are costly and this makes their implementation problematic in some instances. For example, a company per- 
forming a trial of a new user access system such a fingerprint identification system often purchases and installs only 

so a handful of "test" workstations. Thus, to try out fifty (50) fingerprint scanners with a key server configuration requires 
two robust key servers having full backup capabilities, a main key server and a duplicate key server, and 50 fingerprint 
imagers. Since a fingerprint imager is likely to cost less than 10% of the cost of the servers, the additional cost is 
extremely undesirable. Eliminating a need for a duplicate key server would be highly advantageous. 

s$ Object of the Invention 

[0017] In an attempt to overcome these and other limitations of the prior art, it is an object of this invention to provide 
a method of automatically determining available user authentication methods and allowing users to access a system 
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using available methods. 

[0018] It is a further object of the invention to provide a method of storing security information with each of several 
authorisation methods, the information optionally being different for each method. 

5 Summary of the Invention 

[0019] In accordance with the invention there is provided a method of authorising a user in communication with a 
workstation comprising the steps of: automatically determining at least an available user information entry device In 
communication with the workstation; determining user authorisation methods each requiring data only from available 

'p user information entry devices from a plurality of user authorisation methods; providing user authorisation information 
in accordance with one of the determined user authorisation methods; and, registering the user authorisation informa- 
tion provided against stored data to perform at least one of identifying and authorising the user. 
[0020] In accordance with the invention there is also provided a method of authorising a user in communication with 
a workstation comprising the steps of: providing a plurality of supported user authorisation methods and associated 

t$ security levels for each user authorisation method; providing user authorisation information to the workstation; deter- 
mining from the plurality of supported user authorisation methods an authorisation method requiring data only from 
the provided user authorisation information ; and, registering the user authorisation information provided against stored 
data to perform at least one of identifying and authorising the user with the associated level of security. 
[0021] In accordance with the invention there is further provided a method of authorising a user in communication 
with a workstation comprising the steps of: 

providing a plurality of user authorisation methods, some user authorisation methods requiring user authorisation in- 
formation from more than one data input device; providing user authorisation Information; registering the provided user 
authorisation information against data stored in a database of user authorisation data; when the data matches the 
stored data within predetermined limits, determining a security level for the individual In dependence upon the provided 

6 user authorisation information and the plurality of user authorisation methods; and, authorising user access within limits 
based upon determined security level. Preferably, the at least an available user information entry device includes a 
plurality of available user information entry devices. 

[0022] It is an advantage of the present invention that a user can gain access to a system using any of a number of 
user authorisation methods some of which may be available on some workstations and not at others. 
W [0023] It is a further advantage of some embodiments of the Invention that convenient user authentication methods 
are usable unless a higher level of security is required. 

Brief Description of the Drawings 

35 [0024] An exemplary embodiment of the invention will now be described In conjunction with the attached drawings, 
in which: 

Fig. 1 is a flow diagram of a prior art method of accessing secured data; 
Rg. 2 is a flow diagram of a prior art method of accessing secured data; 
<*o Fig. 3 is a block diagram of an exemplary system for user authorisation according to the Invention; 

Rg. 4 is a simplified flow diagram of a method of accessing from a plurality of different locations key data stored 
within a portable medium; 

Fig. 5 is a simplified flow diagram of a method of providing upon user authorisation password data unknown to a 
user to a password security system for accessing a file or an application; 
45 Rg. 6 is a simplified flow diagram of a method of providing one of a plurality of passwords to a password subsystem 
based upon a security level of a user authorisation method; and, 

Rg. 7 is a simplified flow diagram of a method of changing a password stored within a key data file and for securing 
a plurality of files or applications. 

so Detailed Description 

[0025] The invention Is described with respect to passwords, tokens, and biometric verification in the form of finger- 
print registration. The method of this invention is applicable to other verification processes as is evident to those of 
skill in the art. 

55 [0026] One of the many problems with a fingerprint biometric is that a special contact-imaging device is required to 
image a fingerprint. Today, many systems and, in particular, many personal computers are not equipped with a contact 
imaging device. It is well known to outfit a network of workstations with biometric imaging devices in order to overcome 
these limitations. Unfortunately, for those who travel on business and need access to sensitive data in the form of 
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network data or encrypted email, such a solution Is not always possible and convenient. Another known solution is to 
travel with a portable contact-Imaging device. Unfortunately, Installation of special software and additional hardware 
expense is commonly required thereby rendering such an approach impractical. Also, many different biometric iden- 
tification techniques are now known and available. It is impractical to install hardware and software in order to switch 

s between verification methods. According to the invention, a method is proposed for providing a flexible authentication 
process that maintains security of an overall system without causing undue inconvenience or limitations. 
[0027] Referring to Fig. 1 , a simplified flow diagram of a prior art method of accessing secured data is shown for use 
in a network comprising a plurality of computers each having a biometric Imaging means. A key data file comprises a 
cryptographic key, which is secured using a biometric authentication method. According to the method, biometric au- 

10 thentication is required to access the cryptographic key For example, the cryptographic key is encrypted using a key 
secured by the biometric information. Upon presentation of appropriate biometric information, the secured cryptograph- 
ic key is accessed, the cryptographic key Is decrypted, and the decrypted cryptographic key is used to encrypt or 
decrypt data files. The method of accessing the cryptographic key is predetermined and is unchanging in nature. Of 
course, other methods of securing cryptographic keys using biometric authentication are also applicable. For example, 

i| secure key locations may be determined by the user authentication process. Thus, if a key is secured using a fingerprint, 
access is through provision and analysis of a fingerprint and it is necessary to outfit each system wherein the user may 
require access to the key with appropriate fingerprint imaging hardware. Similarly, when the key is secured with a 
token, such as a smart card, the token Interface must be Installed on each system wherein the user may require access 
to the key. Presently, it is common to secure the key with a password since almost all systems are equipped with a 

20 keyboard. Unfortunately, passwords suffer from many security related disadvantages. 

[0028] For convenience, key data files are typically transportable in the form of an encrypted data file containing the 
key data and security data necessary to access the encrypted data file. Unfortunately, each other computer system to 
which the key data file is transported must support a same authentication process in order to provide access to the 
key data file. For example, when the second computer has no biometric information input device, the user authorisation 

25 method for accessing the secured key cannot be executed and the secured key is not accesstole. Without the secured 
key, the encrypted cryptographic key data can not be accessed when desired. Alternatively, a method of extracting the 
keys from the key data file absent user authentication is necessary. Such a method is not desirable since it greatly 
reduces security. This exemplary problem is analogous to problems in network access, f He access, network security, 
document authentication, and so forth. 

30 [0029] Referring to Fig. 2, a prior art method of accessing secured data using a smart card based verification process 
but absent a biometric verification process is shown. Here, a password or card based user authentication is employed. 
A smart card having a key data file stored therein is placed into a smart card reader. A user is prompted for user 
authentication in the form of a password. Once the password is verified, access to the cryptographic key is permitted 
and encrypted data files are accessible. One such method is to employ the password or a predetermined portion thereof 

& as a key for encrypting the cryptographic key. Another such method involves providing access to a secured key upon 
verification of the password and using the secured key to access the cryptographic key. As is evident to those of skill 
in the art, conventional key data files cannot be transferred from a system employing a method, such as that of Fig. 1 , 
to a system employing a different method, such as that of Fig. 2. Because of this, prior art systems are used in a less 
than optimally secure fashion wherein a single user authentication system in the form of passwords is used. Altema- 

#. tively, transportability and remote access is reduced where biometric user authentication is conducted. Further alter- 
natively, expenses are greatly Increased in providing homogenous hardware and software base for all systems within 
an organisation. 

[0030] Referring to Fig. 3 and in accordance with the invention, a simplified block diagram of a system for providing 
flexible user authorisation is shown. The system is provided with a user authorisation block, a plurality of clients and 

45 a plurality of data input devices. Typically, each data input device is capable of providing data for use in user authen- 
tication and, each client is capable of being accessed by at least some users. The user authorisation block Includes 
several user authorisation sub-blocks. Each sub-block depends on a set of user data provided from one or more data 
input devices for performing a user authentication. Further, each sub-block relates to security data associated with the 
sub-block in the form of an estimated security level. A discussion of related security data is presented below. 
[0031] Data input devices include biometric Input devices in the form of a fingerprint imager in the form of a contact 
imager, a retinal scanner, and a microphone; a keyboard; a smart card reader; and a token reader. Other data entry 
devices including other biometric information gathering devices are also well-suited to use with the present invention. 
A careful review of the data input devices is useful in establishing advantages and/or disadvantages to each. 
[0032] Biometric data input devices such as the retinal scanner, the fingerprint imager and the microphone are very 

S3 convenient devices. A user need provide nothing other than portions of their person. Thus it is impossible to forget a 
code or an access card. That said, once a method of breaching security with a biometric input device is found, it is 
difficult if not impossible to correct because biometrics do not change. Also, due to health related issues or wear, 
biometrics are not always usable. For example, a scratchy throat results in a voice that may render a voice print unin- 
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telllgtole to a recognition system. That said, a blometiic is generally considered to be a reliable data source for user 
identification. 

[0033] The keyboard is the most common data input device for user authorisation. The keyboard is useful for entering 
codes and passwords. It is also known to use keystroke timing and typing speeds to identify individuals. These are 
:§ known identification techniques. Unfortunately, passwords are inherently Insecure and typing speed changes overtime 
and is difficult to use in isolation to establish identification accurately. 

[0034] Smart card and token readers allow for the use of access cards, analogous to keys, to provide user authori- 
sation data. Like all access cards, these cards are prone to loss, theft and are often forgotten, it is advantageous to 
limit the effects of forgetting an access card without compromising system security. Since both tokens and smart cards 
10 are likely stored in a user's wallet, there is little security enhancement in using both together. It is also advantageous 
to limit the risk of a stolen wallet resulting in a security breach. 

[0035] The user authorisation block shows a number of authentication methods alone or in combination. A quick 
review shows that a token and smart card are used interchangeably with the exemplary system. So are a f Ingerprint- 
password combination and a retinal scan. A Retinal scan-password combination and a fingerprint-smart card combl- 
15 nation also have equivalent security levels. Thus, any of a number of user authorisation methods are available some 
of which are interchangeable - provide same security levels - for user authentication purposes. Of course, this need 
not be so. Each user authorisation method may have a distinct security level. 

[0036] When a user forgets their smart card, they can still access the system using the retinal scanner and password 
and retain similar access privileges. Use of the retinal scanner may be less convenient, but is likely more convenient 

$o than returning home to retrieve the forgotten access card. Further, it is far more secure than having a user logged onto 
the system using someone else's access card or biometric information. Also, when the user is out of the office, they 
can still access any system using a password and token or a password-token-volceprint. These require commonly 
available data input devices. Unfortunately, these may be difficult to use In some environments such as a noisy envi- 
ronment for the voice-print and so forth. 

25 [0037] Related security data is typically implemented based on individuals and authentication method. Some users 
will have access to certain clients only when authenticated with an authentication sub-block believed to provide suffi- 
cient security for that client. 

[0038] Alternatively, for each sub-block an estimated security level is provided and for each client a desired security 
level is provided. When a user is authorised with a particular sub-block they have access to resources requiring less 

30 security than that estimated as provided by the particular sub-block. 

[003d] Further alternatively, users have access restrictions and there is also a further global access restriction such 
as estimated security levels or enumeration of sub-blocks and whether or not each is sufficient to allow access. 
[0040] An exemplary use Is now described with reference to the system of Fig. 3 and referring to the user list and 
other data of Table 1 . A company has a key server for providing encryption keys to individuals for securing their email. 

* 5 Also, the corporation has an accounting system, a network (Novell), Windows NT Servers, Unix servers, and access 
to systems of contractors and contracts. For example, a military database is accessible for Information relating to a 
research project being conducted for the military and a university database is accessible for data relating to a university 
project being conducted for the company. 
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[0041] A first user A arrives at the office in the morning. A has forgotten their identification card in the form of a smart 
card at home. Because of this, A identifies themseff using a password and a biometric. The selected identification type 
is rated at 84% security level. A quick review of system security levels establishes that the Individual is not capable of 
m accessing highly secure information such as personnel files, corporate accounting records and so forth. They are, 
however, provided access to the general corporate data and the data network. 

[0042] In the above example, the military database requires at least 93% security and therefore, the user authorisation 
block will not provide data to the military database to access it. Thus, when the user is working on a military related 
project, It is essential that they are provided with adequate methods of data entry or, alternatively, that they remember 
their access card. 

[0043] Because of the flexibility of the system, many problems with prior art identification systems are obviated. For 
example, if employee A has been doing construction work, his hands may be damaged such that fingerprint data is 
not reliable. As such, he can select another form of authorisation data input for personal identification. Other examples 
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include having a sore throat, forgetting an access card, and so forth. Thus the inherent flexibility of the system is 
extremely advantageous. 

[0044] Referring to Fig. 4, a simplified flow diagram of a method of porting a key data file between different locations 
is provided. According to the diagram, a user is provided with a plurality of keys stored within a portable key data file 

5 and accessible upon user authorisation. At work, the user selects a user Identification method in the form of biometric, 
token, and password. The user then identifies himself using his bimometric data, his token, and a corresponding pass- 
word. The combination is sufficient to provide the user with high level of security. As such, the user has access to data 
secured with key 1 and key 2. Typically, the user has access to ail the keys in the key database when authorised with 
a highest level of security. Of course, this need not be so. At home, the same user has access to the key data file. 

to Since, as shown, the user authorises himself with a password and a token, only keys with a medium security level or 
lower are accessible. Thus, for example, personnel files and accounting files as well as secure confidential files are 
inaccessible. Other work files and personal files are accessible. When the user is away, he authorises himself with a 
password only and, as such, only has access to the key having a low security level. Typically such a key will secure 
marketing data, already published data, unsecure data and an individuals own personal files. 

15 [0045] Of course, when the individual is at a workstation having a token reader or a biometric input device, access 
to key 1 and key 2 is available as long as the access methods required are supported. This increases flexibility and, 
thereby improves overall usability of the security system. 

[0046] According to a further embodiment of the Invention, a method is provided for retrofitting existing security 
systems with the present Invention In a novel fashion that increases overall security of existing systems. As noted 
20 above, passwords are inherently insecure because secure passwords cannot be easily remembered and insecure 
passwords are not secure. Many people use their children's names or clog's name for a password. Others use their 
own names or phone numbers. These are all easily "cracked - by hackers. A secure password is a random string of 
numbers and letters and characters some visible and some not. For example, "argH" CTRL(p) M Umm!23." is a difficult 
password to crack. It is also very difficult to remember. 

6 [0047] Referring to Fig. 5 and in order to overcome these difficulties, the invention provides a method of storing the 
secure password in a secure storage location such as a key database on a key escrow server or a key database on 
a smart card. Preferably, the password is unknown to the user. To access the password, the user authorises themselves 
according to the present invention. When the authorisation is of a sufficiently high security level to provide access to 
the password, the password is decoded and transmitted to the appropriate recipient authorisation process. The result 

$0 is that a single user authorisation procedure is useful on a plurality of different systems even when those systems do 
not support the authorisation procedure directly. 

[0048] To highlight the advantages of the above embodiment, an example follows with reference to Rg. 5. A Word® 
document can be stored •password protected." Often this is used to secure a document from unauthorised access. 
The passwords chosen are often insufficient to provide any real security. In order to provide significant security, a user 

$5 selects password protect document and authorises themselves to provide the password to Wore®. The document is 
stored password protected. The user does not need to know the password, which may be generated at random. When 
the user goes to access the document, the authorisation process is repeated and the password is provided to Word® 
to access the document. This also alleviates the problem with incorrect entry of password data, people looking over 
the shoulder of an employee as they enter their password and so forth. 

40 [0049] A simple method of implementing the invention is to record a user's password entry during use and to play It 
back when the user is authorised. Though this is advantageous since It Is more convenient than present user author- 
isation methods, it does not use the full potential of the present invention wherein the password is unknown to the 
users of the system. Because the passwords can be unknown to the users of the system and can be arbitrarily long 
and complicated, the method allows for conversion of existing password protected systems into more secure systems 

45 without causing undue user Inconvenience, undue expense, and without requiring replacement of software applications 
with new software applications. 

[0050] The system is expandable. Instead of a single password for an application or for all applications, users could 
be prompted to select the password they wish to access as shown in Rg. 6. This allows a user to secure some files 
with personal information using a first password and others using a company provided password. It also allows for a 

so hierarchy of security levels each having a password. 

[0051] Referring to Fig. 7, by maintaining a list of where each password is used, the system can automatically change 
the password associated with each file, system and the passwords stored in the key database, when one is used. This 
allows for periodic updates of passwords to enhance security. It also allows for automatic update of passwords at 
intervals and for manual updates of passwords when a security breach is identified. 

m [0052] A password to be changed is identified. For example, the accounting password may have expired and may 
require updating. The user requesting a change of password is authorised. This involves prompting the user for infor- 
mation and comparing the received information against previously stored information to identify the user. Once author- 
ised, a new password is automatically generated. Each data file secured with the password to be changed is identified, 
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and is resecured using the newly generated password. The password to be changed Is then archived or, optionally, 
destroyed. The generated password is stored in the key data file for future access. Optionally, instead of automatically 
generating the password, the user is prompted to provide a password. This is, in some ways less secure but may be 
desirable. 

5 [0053J Numerous other embodiments may be envisaged without departing from the spirit and scope of the invention. 



Ctatms 

10 1 . A method of authorising a user in communication with a workstation comprising the steps of: 

automatically determining a plurality of available user information entry devices in communication with the 
workstation; 

determining user authorisation methods each requiring data only from available user information entry devices 
from a plurality of user authorisation methods, each user authorisation method associated with a security level, 
some user authorisation methods associated with different security levels for a same user; 
providing user authorisation information in accordance with one of the determined user authorisation methods; 
selecting from the determined user authorisation methods a method wherein the provided user authorisation 
information is provided in accordance with the selected method; and, 

registering the user authorisation information provided against stored data to perform at least one of identifying 
and authorising the user within the associated level of security. 

2. A method of authorising a user in communication with a workstation as defined in claim 1 , comprising the step of: 

M determining security information associated with the user and with the selected user authorisation method, 

the security information different for different user authorisation methods. 

3, A method of authorising a user in communication with a workstation comprising the steps of: 

30 providing a plurality of supported user authorisation methods and associated security levels for each user 

authorisation method; 

providing user authorisation information to the workstation; 

determining from the plurality of supported user authorisation methods an authorisation method requiring data 
only from the provided user authorisation information; and, 

registering the user authorisation Information provided against stored data to perform at least one of identifying 
and authorising the user with the associated level of security. 

4* A method of authorising a user in communication with a workstation as defined in claim 3 comprising the step of: 

4b selecting from the provided user authorisation methods a method wherein the provided user authorisation 

information is provided in accordance with the selected method. 

5. A method of authorising a user in communication with a workstation as defined in claim 4 comprising the steps of: 

45 at intervals prompting an individual using the workstation to provide user authorisation information according 

to the selected method; and, 

registering the user authorisation information provided against stored data to perform one of providing access 
to the secured data and denying access to the secured data in dependence upon the registration results. 

&> 6. A method of authorising a user in communication with a workstation as defined in claim 3 comprising the step of: 

determining security information associated with the user and the security level, the security information dif- 
ferent for different user authorisation methods. 

55 7, A method of authorising a user in communication with a workstation as defined in claim 6 wherein the step of 
determining security information comprises the step of retrieving a security key from a key storage location in 
dependence upon the registration. 
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8. A method of authorising a user in communication with a workstation as defined in claim 7 wherein the security key 
is an encryption key. 

9. A method of authorising a user in communication with a workstation as defined in claim 7 wherein the security key 
5 is a password. 

10. A method of authorising a user in communication with a workstation as defined in claim 3 comprising the steps of: 

upon initiating access to secured data prompting an individual using the workstation to provide user authori- 
se sation information; and, 

registering the user authorisation information provided against stored data in accordance with a user author- 
isation method to perform one of providing access to the secured data and denying access to the secured 
data in dependence upon the registration results. 

15 1 1 . A method of authorising a user in communication with a workstation comprising the steps of: 

providing a plurality of user authorisation methods, some user authorisation methods requiring user authori- 
sation information from more than one data input device; 
providing user authorisation Information; 

registering the provided user authorisation information against data stored in a database of user authorisation 
data; 

when the data matches the stored data within predetermined limits, determining a security level for the indi- 
vidual in dependence upon the provided user authorisation information and the plurality of user authorisation 
methods; and, 

25 authorising user access within limits based upon determined security level. 

12. A method of authorising a user in communication with a workstation as defined in claim 11 wherein user access 
is limited by limiting access to security keys based on the determined security level. 

oo 13. A method of authorising a user in communication with a workstation as defined in claim 12 wherein the security 
keys include encryption keys. 

14. A method of authorising a user in communication with a workstation as defined in claim 13 wherein the security 
keys are stored within a portable storage medium. 

35 

1 5. A method of authorising a user in communication with a workstation as defined in claim 1 4 wherein access to some 
security keys is provided when a user is authorised according to a method of user authorisation but is denied when 
a user is authorised according to another method of user authorisation. 

40 16. A method of authorising a user in communication with a workstation as defined in claim 12 wherein the security 
keys include passwords. 

1 7. A method of authorising a user in communication with a workstation as defined in claim 1 1 comprising the steps of: 

4S selecting a user authorisation method from the plurality of user authorisation methods during execution; and, 

providing user authorisation information in accordance with the selected user authorisation method. 

18. A method of authorising a user in communication with a workstation as defined in claim 1 1 comprising the steps of: 

50 automatically determining a presence or absence of user Information entry devices In communication with the 

workstation, the user information entry devices including a keyboard, a card reader, and a biometric input 
device; and, 

determining user authorisation methods from the plurality of user authorisation methods that require data only 
from user information entry devices which are present. 

55 

1 9. A method of authorising a user in communication with a workstation as defined in claim 1 8 comprising the steps of: 

selecting a user authorisation method from the plurality of determined user authorisation methods; and, 
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providing user authorisation information in accordance with the selected user authorisation method. 
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